Security News

Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials
2024-01-17 11:14

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for...

Microsoft Azure Confidential VMs Will Roll Out This December
2023-11-21 18:24

Organizations using Microsoft Azure will have access to confidential virtual machines in Azure on Dec. 1, allowing greater privacy and compliance. Confidential VMs:. SEE: Windows 10 users can now try out the AI assistant Microsoft Copilot.

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs
2023-11-14 18:43

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI. The vulnerability was reported by security researchers with Palo Alto's Prisma Cloud. "Customers using the affected CLI commands must update their Azure CLI version to 2.53.1 or above to be protected against the risks of this vulnerability. This also applies to customers with log files created by using these commands through Azure DevOps and/or GitHub Actions."

Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation
2023-11-08 14:19

Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Developed by Microsoft, it's a cloud-based automation service that allows users to automate the creation, deployment, monitoring, and maintenance of resources in Azure.

Uphold Linux systems’ performance and availability in Azure
2023-11-08 04:00

That's why we've partnered with the Microsoft Azure team to test CIS Hardened Images for Linux using Azure Monitor Agent. For context, Azure Monitor is a service that helps you evaluate the availability and performance of your applications and services in Microsoft Azure.

Microsoft: Hackers target Azure cloud VMs via breached SQL servers
2023-10-04 14:53

Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment.

Microsoft Azure Update Manager Now Generally Available
2023-09-27 11:22

Microsoft has unveiled Azure Update Manager, a SaaS tool tailored for enterprise clients to simplify the software update management process across different platforms. This tool represents an enhancement over the previous Azure Automation Update management solution. It empowers IT professionals to oversee software updates on Windows and Linux systems across Azure, on-premises, and multi-cloud settings.Azure Update Manager offers a suite of functionalities to IT administrators, enabling them to monitor the update compliance of their machines, whether they're based in Azure, on-premises, or other cloud infrastructures. Critical updates can be immediately deployed, ensuring systems remain secure. The tool also provides the capability to manage extended security updates for Azure Arc-enabled virtual machines. Furthermore, administrators have the option to schedule regular patching, determining specific time frames for the rollout of updates and system reboots.

Week in review: 18 free Microsoft Azure cybersecurity resources, K8 vulnerability allows RCE
2023-09-24 08:00

An inside look at NetSPI's impressive Breach and Attack Simulation platformIn this Help Net Security interview, Scott Sutherland, VP of Research at NetSPI, delves into the intricacies of their Breach and Attack Simulation platform and discusses how it offers unique features - from customizable procedures to advanced plays - that help organizations maximize their ROI. How companies can take control of their cybersecurityIn this Help Net Security interview, Baya Lonqueux, CEO at Reciproc-IT, discusses the evolving cybersecurity landscape and the essential skillsets needed for teams working in this field. Critical Trend Micro vulnerability exploited in the wildTrend Micro has fixed a critical zero-day vulnerability in several of its endpoint security products for enterprises that has been spotted being exploited in the wild.

18 free Microsoft Azure cybersecurity resources you should check out
2023-09-20 04:30

Here's a list of free Azure cybersecurity resources that Microsoft offers to anyone interested in learning. Prepare for cloud security by using the Microsoft Cloud Adoption Framework for Azure.

White Hat Hackers Discover Microsoft Leak of 38TB of Internal Data Via Azure Storage
2023-09-19 06:57

Microsoft has patched a vulnerability that exposed 38TB of private data from its AI research division. The repository held 38TB of private data, secrets, private keys, passwords and the open-source AI training data.